Securing your Virtualized Datacenter
Charu Chaubal, Senior Architect, Technical Marketing
6 November, 2008
Agenda
- VMware Virtualization Technology
- How Virtualization Affects Datacenter Security
- Keys to a Secure Deployment
- The Future of Datacenter Security
VMWARE VIRTUALIZATION TECHNOLOGY
Hosted Virtualization vs. Bare Metal Virtualization
Hosted Virtualization:
- Guest VM can be trusted
- VMware Workstation, VMware Server, VMware Player
- Host OS changes security profile
Bare-Metal Virtualization:
- Guest VM not necessarily trusted
- VMware ESX Server
Isolation by design
ESX Hypervisor: Robust, Reliable Foundation
VMware Architecture:
- Thin custom kernel
- Direct driver model
- VM-optimized drivers
- Higher I/O throughput
MSFT / Xen Architecture:
- Large general-purpose OS
- Indirect driver model
- Generic drivers
- I/O degradation under load
Improving Security of the Platform: VMware ESXi
- Compact 32MB footprint
- Fewer patches
- Smaller attack surface
- Absence of general-purpose management OS
- No arbitrary code running on server
- Not susceptible to common threats
- Only OS-independent design focused on virtualization
Improving Security of the Platform: Harden Platform Services (2009)
Integrity on Disk:
- TPM (Trusted Platform Module) support
- Code & driver signing
Integrity in Memory:
- Memory Protection
VMware: Proven and Trusted
- Thousands of customers in production
- Passed security audit and put into production use by largest banks in the US
- Passed Defense and Security Agencies scrutiny and audit
Independently validated
- Common Criteria Certification, EAL (Evaluation Assurance Level)
- CC EAL 4+ certification: http://www.cse-cst.gc.ca/services/ccs/vmware-e.html
- Highest recognized level
- VMware Technology chosen as basis for NSA Virtualized Workstation
HOW VIRTUALIZATION AFFECTS DATACENTER SECURITY
How Virtualization Affects Datacenter Security
Biggest Security Risk: Misconfiguration
"Like their physical counterparts, most security vulnerabilities will be introduced through misconfiguration and mismanagement"
Neil MacDonald, "How To Securely Implement Virtualization"
What not to worry about
KEYS TO A SECURE VIRTUALIZED DEPLOYMENT
Securing Virtual Machines
Provide Same Protection as for Physical Servers:
- Host: Anti-Virus, Patch Management
- Network: Intrusion Detection/Prevention (IDS/IPS)
- Edge: Firewalls
Secure Design for Virtualization Layer
Fundamental Design Principles:
- Isolate all management networks
- Disable all unneeded services
- Tightly regulate all administrative access
Enforce Strong Access Controls
Security Principle -> Implementation in VI
- Least Privileges -> Roles with only required privileges
- Separation of Duties -> Roles applied only to required objects
Diagram labels: users Joe, Harry, Anne; roles Administrator, Operator, User
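An added example (not part of the original slides and not VMware code): a small audit of role assignments against the principles on this slide, checking for roles with more than the required privileges, roles applied above the required objects, and a separation-of-duties conflict. The inventory tree, privilege labels, job requirements and the pairing of Joe, Harry and Anne with roles are constructed for illustration.

```python
# Added example; inventory, privilege labels and job requirements are constructed.
# Inventory tree (child -> parent); a role set on an object reaches its children.
PARENT = {"dc1": None, "cluster-a": "dc1", "vm-web": "cluster-a", "vm-db": "cluster-a"}
ROLES = {
    "Administrator": {"vm.power", "vm.configure", "host.configure",
                      "permissions.modify", "audit.read"},
    "Operator": {"vm.power", "vm.snapshot"},
    "User": {"vm.console"},
}
# What each job actually needs: (privileges, objects). Hypothetical values.
REQUIRED = {
    "Joe": ({"vm.power", "vm.snapshot"}, {"vm-web"}),
    "Harry": ({"vm.console"}, {"vm-db"}),
    "Anne": ({"audit.read"}, {"dc1"}),
}
# Privileges one person should not hold together (separation of duties).
CONFLICTS = [("permissions.modify", "audit.read")]
# Current (user, role, object) assignments to audit.
ASSIGNMENTS = [("Joe", "Operator", "cluster-a"), ("Harry", "User", "vm-db"),
               ("Anne", "Administrator", "dc1")]

def covered(obj):
    """Return obj plus every descendant a permission on obj propagates to."""
    reach, grew = {obj}, True
    while grew:
        new = {c for c, p in PARENT.items() if p in reach} - reach
        reach |= new
        grew = bool(new)
    return reach

def audit(assignments):
    """Return (user, finding, detail) tuples for each deviation."""
    findings, held = [], {}
    for user, role, obj in assignments:
        need_privs, need_objs = REQUIRED[user]
        extra = ROLES[role] - need_privs            # least privilege
        if extra:
            findings.append((user, "excess-privilege", tuple(sorted(extra))))
        needed = set().union(*(covered(o) for o in need_objs))
        wide = covered(obj) - needed                # only required objects
        if wide:
            findings.append((user, "excess-scope", tuple(sorted(wide))))
        held.setdefault(user, set()).update(ROLES[role])
    for user, privs in held.items():
        findings += [(user, "duty-conflict", pair) for pair in CONFLICTS
                     if set(pair) <= privs]
    return findings

if __name__ == "__main__":
    for finding in audit(ASSIGNMENTS):
        print(finding)
```

Joe's role fits his job but is applied one level too high, so it also reaches vm-db; Anne's Administrator role carries privileges an auditor does not need and combines two duties in one account.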
Maintain Strict Administrative Controls
Requirement -> Example Products
- Configuration management, monitoring, auditing -> Tripwire Enterprise for VMware ESX; NetIQ Secure Configuration Manager; Configuresoft ECM for Virtualization
- Track and Manage VM Lifecycle -> VMware Lifecycle Manager; VMware Stage Manager
- Updating of offline VMs -> VMware Update Manager; Shavlik NetChk Protect
- Virtual network security -> Checkpoint; Reflex; Third Brigade
Diverse and growing ecosystem of products to help provide secure VMware Infrastructure
Security Advantages of Virtualization
Ease of maintenance:
- Test patches on multiple configurations in a contained environment before rolling them out
- Use snapshots to save the known good state of a virtual machine before trying out something risky
- A production VM can be cloned and then modified off-line while the original one still runs
- Updated VMs can be brought up in parallel with the previous version
- Both can be kept running as long as necessary to validate the new configuration
Security Advantages of Virtualization
Protect against misconfiguration or attack
Ease of recovery:
- Restore the VM from the last known good backup
- Patch in isolation before putting online
Ability to do forensics:
- Bring up hacked VM in isolation
Security Advantages of Virtualization: Better Lifecycle Controls
[Lifecycle diagram; labels: Create, Approve, Publish or Retract, Audit Usage, Retain, Request Document, Dispose, Archive, Deploy from Template, Route for Audit/Approval, Power-On or Suspend, Monitor & Adjust Resources, Request for VM Provisioning, Delete]
THE FUTURE OF DATACENTER SECURITY
VMsafe Enables Application Protection
VMsafe API and Partner Program:
- Protect the VM by inspection of virtual components (CPU, Memory, Network and Storage)
- Run outside the VM
- Complete integration and awareness of VMotion, Storage VMotion, HA, etc.
Fundamentally changes protection available for VMs running on VMware Infrastructure vs. physical machines:
- Provides an unprecedented level of security
- Virtual is more secure than Real
http://vmware.com/go/vmsafe
VMsafe: Broad Security Industry Support
- Enterprise to SMB
- End-points to Gateways
- Anti-Virus to IPS
- Networks to Host
- Audit to Patching
- And anywhere in between
Virtual Datacenter OS: Security vservice
Before VDC-OS
[Diagram labels: IIS #1, Firewall, Load Balancer, IIS #2, Firewall, Tomcat App Server, Oracle]
- App-specific security policies hard or impossible to set without interior visibility
- Static, HW appliances cannot be dynamically re-configured based on topology changes
- Fixed-capacity appliances force over-provisioning
After VDC-OS
- Application topology and protocol awareness allows for dynamic security based on logical boundaries
- Dynamic capacity and rerouting based on load balancing and power management
- Security policies auto-adapt to network reconfiguration or upgrades to 3rd-party virtual networking, e.g., Nexus 1000V
Where to Learn More
Security (http://vmware.com/go/security):
- Hardening Best Practices
- Implementation Guidelines
Compliance (http://vmware.com/go/compliance):
- Partner Solutions
- Advice and Recommendations
Thank You
Charu Chaubal, charu@vmware.com
http://www.vmware.com/go/security